Mobile Threat Monday: Android App Sells Your WhatsApp Conversations

F-Secure analyzed a particularly nasty Android app that targets users of the popular messaging service WhatsApp. For those not in the know, WhatsApp is among a growing class of messaging services that let you chat and send media to other users for free. It's particularly popular outside the US, or among people who don't want to pay to send text messages.

Once the dangerous app is installed, said F-Secure, it uploads your WhatsApp conversations to another website where anyone with your phone number can purchase copies.

BalloonPop2 The actual app to watch out for is called BalloonPop2. F-Secure and others report that it was available in Google Play for a time, but has since been removed. It's currently available from the developer's website.

Once installed, the game actually works—though it is a dull, stripped-down affair. But F-Secure explained that behind the scenes, the app is figuring out the details of your WhatsApp account. It also checks your SIM card's serial number, presumably to match your WhatsApp account to a phone number.

The app then copies the contents of two directors associated with WhatsApp: the entire contents of your Profile Pictures folder, and then files ending with ".db.crypt" contained in WhatsApp/Databases/.

WhatsAppCopy BalloonPop2 then uploads your files to the WhatsAppCopy website, where anyone can search for them through your phone number. If they want a copy of your conversations, they only need to pay a fee to WhatsAppCopy. What's not clear is if those files are readable. SecruityWatch is investigating whether the files BalloonPop2 swipes are encrypted or not.

WhatsAppCopy might seem obviously illegal, but from reading the WhatsAppCopy website (translated from Spanish via Google) the entire operation is framed as a "backup" service. The idea being that you'd install the game on your own device and purchase your own records. This is a pretty flimsy excuse, considering that the app used to copy your data isn't sold as a backup app, and that it's named in a way that encourages confusion with a number of popular Android games. It's clearly meant to deceive.

At best, WhatsAppCopy and BalloonPop2 fall into the grey-area of surveillance apps. These apps capture text messages and calls, and are targeted at people looking to spy on their significant others. At worst, it's a blatant attempt to steal your data and sell it.

How To Stay Safe Since WhatsAppCopy's BalloonPop2 app was removed from Google Play, there's little to fear from accidental infection. By default, Android devices block apps from sources other than Google Play and it's a good idea to leave this option turned on.

Without a foothold in Google Play, someone would have to link you to the app and convince you to install it. You should always be wary of links regardless of who sends them, but be particularly skeptical of anything that initiates a download onto your Android. This, of course, assumes that WhatsAppCopy doesn't have its claws in any other apps on Google Play.

For Android users, this is a reminder that messaging isn't always safe. If it's not the NSA looking at your text messages, the companies themselves might mishandle your information. If security is your primary concern, consider other services like TextSecure or Wickr.

Automatic Renewal Program: Your subscription will continue without interruption for as long as you wish, unless
you instruct us otherwise. Your subscription will automatically renew at the end of the term unless you authorize
cancellation. Each year, you'll receive a notice and you authorize that your credit/debit card will be charged the
annual subscription rate(s). You may cancel at any time during your subscription and receive a full refund on all
unsent issues. If your credit/debit card or other billing method can not be charged, we will bill you directly instead. Contact Customer Service

//Stay Connected

Get Product Reviews, Deals, & the Latest News from PCMag

sign up

Plus, get a free copy of PCMag for your iPhone or iPad today.

Offer valid for new PCMag app downloads only. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy.

THANK YOU FOR SUBSCRIBING!

Please follow this link (or search for the PC Magazine app on your iPad or iPhone) to get your free issue. Offer valid for new app downloads.

//Featured Programs

//our current issue

Select Term:

24 issues for $29.99 ONLY $1.25 an issue! Lock in Your Savings!

12 issues for $19.99ONLY $1.67 an issue!

State

Country

This transaction is secure

Automatic Renewal Program: Your subscription will continue without interruption for as long as you wish, unless
you instruct us otherwise. Your subscription will automatically renew at the end of the term unless you authorize
cancellation. Each year, you'll receive a notice and you authorize that your credit/debit card will be charged the
annual subscription rate(s). You may cancel at any time during your subscription and receive a full refund on all
unsent issues. If your credit/debit card or other billing method can not be charged, we will bill you directly instead. Contact Customer Service